Adobe Experience Manager Sites & More

It is caching any CUG page I am accessing in the site, not the login page. I can provide detail on my caching rules if you can point me to what you want me to look at..

Please provide the details , did you try with CUG page path deny in cache rules?

HI Suresh, We allow everything for Dispatcher to cache. But as per CUG documentation, CUG pages are not cached by default unless we set "allowAuthorized 1" which makes sense as I dont know what will be path of CUG page in advance, any page can or can not be CUG set by Content Author on the Authoring Production. The only place we have "allowAuthorized" set as 1 is in Author farm files.

you are correct. allowAuthorized set to "0" should work. Can you check dispatcher logs and observe the farm getting invoked and rule applying, when you access the page

I enabled Debug mode in dispatcher and ran the login steps. Here is what I see for my "cugpage" which is a CUG page and Dispatcher by default should not try to create cache for this 

 

domain/cugpage.html

xxxxxx :/mnt/var/log/httpd tail -f *.* | grep "cugpage"
[Thu Dec 03 18:28:29 2020] [D] [pid 10155] checking [/content/consumer-portal/en_CA/cugpage.html]
[Thu Dec 03 18:28:29 2020] [D] [pid 10155] cachefile does not exist: /mnt/var/www/html/content/consumer-portal/en_CA/cugpage.html
[Thu Dec 03 18:28:29 2020] [D] [pid 10155] try to create new cachefile: /mnt/var/www/html/content/consumer-portal/en_CA/cugpage.html
[Thu Dec 03 18:28:29 2020] [D] [pid 10155] cache-action for [/content/consumer-portal/en_CA/cugpage.html]: CREATE
[Thu Dec 03 18:28:29 2020] [D] [pid 10155] response.headers[Location] = "domain/libs/granite/core/content/login.html?resource=%2Fcontent%2Fconsumer-portal%2Fen_CA%2Fcugpage.html&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown"
[Thu Dec 03 18:28:29 2020] [I] [pid 10155] "GET /content/consumer-portal/en_CA/cugpage.html" 302 - 4ms [cugfarm/0]
[Thu Dec 03 18:28:29 2020] [D] [pid 10155] request contains a query string: resource=%2Fcontent%2Fconsumer-portal%2Fen_CA%2Fcugpage.html&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown
[Thu Dec 03 18:28:29 2020] [I] [pid 10155] "GET /libs/granite/core/content/login.html?resource=%2Fcontent%2Fconsumer-portal%2Fen_CA%2Fcugpage.html&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown" 200 12089 26ms [cugfarm/0]

Enter credential and hit login
[Thu Dec 03 18:30:17 2020] [D] [pid 10546] checking [/content/consumer-portal/en_CA/cugpage.html]
[Thu Dec 03 18:30:17 2020] [D] [pid 10546] cachefile does not exist: /mnt/var/www/html/content/consumer-portal/en_CA/cugpage.html
[Thu Dec 03 18:30:17 2020] [D] [pid 10546] try to create new cachefile: /mnt/var/www/html/content/consumer-portal/en_CA/cugpage.html
[Thu Dec 03 18:30:17 2020] [D] [pid 10546] cache-action for [/content/consumer-portal/en_CA/cugpage.html]: CREATE
[Thu Dec 03 18:30:18 2020] [D] [pid 10546] Cache file successfully created: /mnt/var/www/html/content/consumer-portal/en_CA/cugpage.html
[Thu Dec 03 18:30:18 2020] [I] [pid 10546] "GET /content/consumer-portal/en_CA/cugpage.html" - + 688ms [cugfarm/0]

When you use CUGs and want to cache protected content, you should use "Permission Sensitive Caching", see the documentation at https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...

Jörg_Hoh , I am not trying to cache CUG pages. My expectation is CUG pages by default never cache in Dispatcher, otherwise if it gets cached into Dispatcher the Authentication will not happen for next user onwards as Dispatcher will serve the page without checking the Authentication...My problem is my CUG pages getting cached and I dont want that to happen.

Hi,

 

by default the dispatcher does not cache any files, for which the request has certain "authentication" headers. That is an "authorization" header or a cookie "authorization" resp "login-token". If any of these are present, the dispatcher won't cache the files, unless you explicitly configure it to do so.

 

Thank you for the solution @SureshDhulipudi ....that works like charm...should have thought of that.. what I think happening for auth_checker is a design flaw...Dispatcher is creating cache file first and then doing validation...which to me should be otherway...

 

But yes, this will work...

 

Thanks again.

Thank you @shelly-goel  for your pointer.

 

I checked one of the domain where it is always creating cache, and I found this in the farm file of that domain:

 

Hmm...even after remove entire /header section it still creates cache file for CUG page. It just stopped creating .h (header cache files) files.

 

So issue exists...

I think you've mixed up my response in another post Or the UI of discussions page is confusing (may be). I was asking you to check where the Cache-Control header is being set and see if it contains "public" or "always" in it.

No, I think I posted in correct post in response to your question. "Cache-Control" is set in 2 of our custom farm files but it have no "public" or "always' in it as I posted above...

 

Even though i remove "Cache-Control" from there, it is still same behaviour.

But eventually I think I figured out where it is stemming from.

 

We are using "/auth_checker" in the farm file and commenting that one out resolving the issue...Need to dig more now... 

I am still clueless why the "/auth_checker" is forcing to create dispatcher cache for CUG page. My CUG page is not in same filter where the "/auth_checker" filters are set...Does "/auth_checker" forces to create dispatcher cache if we are using same farm file where "/auth_checker" is implemented..?

 

I went through these articles:

https://www.argildx.com/technology/permission-sensitive-caching-psc/

https://helpx.adobe.com/ca/experience-manager/kb/PSCachingDelivery.html#samplecode

 

And as per this "/auth_checker" should work only on the filters I mention...